Close creds after cmp plugin execution

Signed-off-by: jmcshane <[email protected]>
argoproj · Aug 10, 2023 · 36113b1 · 36113b1
1 parent 5c76d8f
commit 36113b1
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
@@ -1813,7 +1813,7 @@ func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli
 	return vm, nil
 }
 
-func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds) ([]string, error) {
+func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds) ([]string, io.Closer, error) {
 	envVars := env.Environ()
 	envVars = append(envVars, "KUBE_VERSION="+text.SemVer(q.KubeVersion))
 	envVars = append(envVars, "KUBE_API_VERSIONS="+strings.Join(q.ApiVersions, ","))
@@ -1822,22 +1822,23 @@ func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Cr
 }
 
 // getPluginParamEnvs gets environment variables for plugin parameter announcement generation.
-func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin, creds git.Creds) ([]string, error) {
+func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin, creds git.Creds) ([]string, io.Closer, error) {
+	var credCloser io.Closer
 	env := envVars
 	if creds != nil {
 		closer, environ, err := creds.Environ()
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
-		defer func() { _ = closer.Close() }()
+		credCloser = closer
 		env = append(env, environ...)
 	}
 
 	parsedEnv := make(v1alpha1.Env, len(env))
 	for i, v := range env {
 		parsedVar, err := v1alpha1.NewEnvEntry(v)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse env vars")
+			return nil, credCloser, fmt.Errorf("failed to parse env vars")
 		}
 		parsedEnv[i] = parsedVar
 	}
@@ -1850,17 +1851,20 @@ func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlug
 		}
 		paramEnv, err := plugin.Parameters.Environ()
 		if err != nil {
-			return nil, fmt.Errorf("failed to generate env vars from parameters: %w", err)
+			return nil, credCloser, fmt.Errorf("failed to generate env vars from parameters: %w", err)
 		}
 		env = append(env, paramEnv...)
 	}
 
-	return env, nil
+	return env, credCloser, nil
 }
 
 func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath, pluginName string, envVars *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds, tarDoneCh chan<- bool, tarExcludedGlobs []string) ([]*unstructured.Unstructured, error) {
 	// compute variables.
-	env, err := getPluginEnvs(envVars, q, creds)
+	env, closer, err := getPluginEnvs(envVars, q, creds)
+	if closer != nil {
+		defer func() { _ = closer.Close() }()
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -2111,7 +2115,10 @@ func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetails
 		fmt.Sprintf("ARGOCD_APP_SOURCE_TARGET_REVISION=%s", q.Source.TargetRevision),
 	}
 
-	env, err := getPluginParamEnvs(envVars, q.Source.Plugin, creds)
+	env, closer, err := getPluginParamEnvs(envVars, q.Source.Plugin, creds)
+	if closer != nil {
+		defer func() { _ = closer.Close() }()
+	}
 	if err != nil {
 		return fmt.Errorf("failed to get env vars for plugin: %w", err)
 	}